“All That We Let In”: health apps’ APIs are vulnerable and easy to hack, exposing and altering PHI and PII

Mobile security company Approov has issued a scary report on the hackability of popular health apps. They tested 30 apps (not named in the report) of the 300,000-odd health apps in the market, and found that the application programming interfaces (APIs) used in 100 percent of these apps had hardcoded vulnerabilities that could allow hackers to access protected health information (PHI), personally identifiable information (PII), identity, and billing information. According to the report (registration required), these apps used by patient care organizations for remote account management and telemedicine appointments may expose 23 million individuals. Of the 30 apps tested:

  • 77 percent contained hardcoded API keys, some of which do not expire
  • Seven percent had hardcoded usernames and passwords in plain text
  • 50 percent of the doors that these API vulnerabilities opened led to PHI and billing information
  • 100 percent of the API endpoints tested were vulnerable to Broken Object Level Authorization (BOLA) attacks. These involve a relatively simple process of falsifying user IDs and swapping out numbers. For some apps, the hack could gain clinician-level access and alter medical histories and records (including issuing prescriptions for medication).
  • 100 percent of the apps were vulnerable to man-in-the-middle attacks due to failure to implement certificate pinning, which forces the app to validate the server’s certificate against a known good copy.
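The BOLA weakness in the list above, as an added example (not code from the Approov report or from any tested app): a handler that trusts whatever record ID the caller supplies, beside one that checks the caller's relationship to that specific record on every request, plus a denial counter for spotting ID enumeration. The record store, role names and function names are assumptions constructed for illustration.

```python
"""Object-level authorization for a records API (constructed example)."""
from dataclasses import dataclass, field

# Constructed sample data: record_id -> record. IDs are sequential, matching
# the "swapping out numbers" scenario the report describes.
RECORDS = {
    1001: {"patient_id": "pat-a", "care_team": {"clin-1"}, "history": "asthma"},
    1002: {"patient_id": "pat-b", "care_team": {"clin-2"}, "history": "diabetes"},
    1003: {"patient_id": "pat-c", "care_team": {"clin-2"}, "history": "hypertension"},
}


@dataclass(frozen=True)
class Principal:
    """Identity taken from the verified session, never from request parameters."""
    user_id: str
    role: str  # "patient" or "clinician" (hypothetical role names)


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


@dataclass
class AuditLog:
    """Tracks denied object accesses per principal to surface ID enumeration."""
    threshold: int = 3
    denied: dict = field(default_factory=dict)

    def record_denial(self, principal, record_id):
        self.denied.setdefault(principal.user_id, set()).add(record_id)

    def suspected_enumeration(self):
        # Principals denied on `threshold` or more distinct existing records.
        return sorted(u for u, ids in self.denied.items()
                      if len(ids) >= self.threshold)


def get_record_vulnerable(principal, record_id):
    """BOLA: any authenticated caller receives any record whose ID they send."""
    record = RECORDS.get(record_id)
    if record is None:
        raise NotFound(record_id)
    return record


def _may_read(principal, record):
    if principal.role == "patient":
        return record["patient_id"] == principal.user_id
    if principal.role == "clinician":
        return principal.user_id in record["care_team"]
    return False  # unknown roles are denied by default


def get_record_checked(principal, record_id, audit):
    """Authorizes the caller against this specific object on every call."""
    record = RECORDS.get(record_id)
    if record is None or not _may_read(principal, record):
        if record is not None:
            audit.record_denial(principal, record_id)
        # Same error for "missing" and "not yours", so IDs cannot be probed.
        raise NotFound(record_id)
    return record


def update_history_checked(principal, record_id, new_history, audit):
    """Writes pass the read check first, then require the clinician role."""
    record = get_record_checked(principal, record_id, audit)
    if principal.role != "clinician":
        raise Forbidden("role may not modify clinical history")
    record["history"] = new_history
    return record


if __name__ == "__main__":
    audit = AuditLog(threshold=2)
    patient_a = Principal("pat-a", "patient")
    print("vulnerable:", get_record_vulnerable(patient_a, 1002)["patient_id"])
    for rid in (1001, 1002, 1003):
        try:
            print("checked:", rid, get_record_checked(patient_a, rid, audit)["patient_id"])
        except NotFound:
            print("checked:", rid, "not found")
    print("suspected enumeration:", audit.suspected_enumeration())
```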

Alissa Knight, the ‘recovering hacker’ who authored the report, also hacked into one hospital’s EHR and changed its values by one digit. She was then able to access health records and registration information. She used a hacking tool that looks like it is generating data from a mobile health app.

The use of mobile apps for telehealth and portals has become far more widespread as a result of the pandemic, yet security has lagged–even though the level of sophistication in the apps, and the amount of information they integrate, has accelerated to become the norm. It’s a wake-up call to developers, health systems, and digital health companies that off-the-shelf and old APIs don’t meet security demands. Unfortunately, Gartner projects that APIs will become the vector for most data breaches by 2022. CPO Magazine, FierceHealthcare

As practices reopen, telemedicine visits continue to plunge from 69% to 21%: Epic (US)

The extreme high tide has receded–but is still way up from before the pandemic. The Epic Health Research Network (yes, that Epic EHR) updated its earlier study through 8 May [TTA 22 July] to compare in-office to telehealth visits through 12 July. The trend that EHRN spotted (as well as Commonwealth Fund/Phreesia/Harvard) continued, with telemedicine visits declining as practices reopened. As of mid-July, telehealth visits, as a percentage of national ambulatory visits, declined to 21.2 percent compared to 78.8 percent in-office.

The new EHRN study used a broader sampling than previously. The data came from 37 healthcare organizations representing 203 hospitals and 3,513 clinics in 50 states. The decline in telehealth visits noted in early May continued, with May finishing with a national 50/50 split.

But in context, telehealth visits immediately before the COVID-19 pandemic were a whopping .01 percent.

Regionally, the Northeast leads in July telehealth visits with 25 percent. The South has the least adoption of telehealth with only 13 percent. In terms of total office visits, neither the South nor West have rebounded to pre-pandemic levels, whereas the Northeast and Midwest have.

The key to the future of the telehealth bubble bath is whether telehealth usage versus in-person stabilizes for several months. But there’s another factor which has come about through higher telehealth usage. Our July article noted speculation on the reasons for the sudden decline, other than practices reopening, most of which pointed to practice training, reimbursement, and older/sicker patients falling into the smartphone/digital divide. The STAT article has statements from telehealth providers which are quite bubbly and quotable, with the CEO of MDLive stating that new bookings are up 300 percent and mental health hasn’t declined. But a problem now surfacing is providing patients with the right care at the right time–and fitting it into the office schedule. What visits can best be handled as telehealth and which require an in-person visit? This Editor recalls that Zipnosis, a white-labeled telehealth system we haven’t heard from in a while, incorporated for health system applications a triage intake which would direct the patient to the right level of care. Can this be rolled out in a similar way to the practice level?

News roundup: CVS cashing out notes, catching up with ISfTeH, India’s Stasis Labs RPM enters US, Propeller inhaler with Novartis Japan, Cerner gets going with VA

CVS Health is pricing out a tender offer for some notes. If you are holding one of a potpourri of notes with due dates of 2023 and 2025 from CVS, the company is making a cash tender offer, meaning they are cashing these notes out. This is usually done as part of rearranging financing, especially appropriate in the wake of the Aetna acquisition. The details are here in their release of 12 August. The collective value for both note years is approximately $3 bn each. An update is here on Seeking Alpha.

We have been remiss in not maintaining our following of the Swiss-based International Society for Telemedicine and eHealth (ISfTeH), so we will direct your attention to their August update which features the effect of COVID on teledermatology, women’s health, teleurology, and news on members and developers. Their Journal, still edited by Professor Maurice Mars of South Africa, has published once this year in January.

India’s Stasis Labs, developer of a remote patient monitoring (RPM) platform utilizing a smartphone, vital signs devices, and a bedside monitor connected into a platform, is entering the US market. It monitors six vital signs in a single monitor: heart rate, blood oxygen, electrocardiogram, respiratory rate, blood pressure, and temperature. Awarded a 510(k) clearance in April, Stasis, out of the Cedars-Sinai Accelerator program, has had a limited deployment at Texas-based emergency-care provider Hospitality Health ER and California-based Glendale Surgical Center and Orthopedic Surgery Specialists. It has also deployed to 50 cities in India. Mobihealthnews

Smartphone-connected inhaler sensor company Propeller Health has inked a deal with Novartis in Japan. Patients prescribed Novartis’ drugs for uncontrolled asthma, the Enerzair or Atectura Breezhaler, can now enroll in Propeller’s digital-management program. Data about their inhaler use will be transmitted from the sensor on the inhaler to Propeller’s smartphone app. The app also pings users with reminders and usage data. Propeller was acquired last year for a stunning $225 million by ResMed. Propeller this past May gained 510(k) FDA clearance for a sensor/app for use with AstraZeneca’s Symbicort inhaler.

Cerner’s EHR implementation with the US Department of Veterans Affairs finally took a step forward after many delays with the launch last Friday of a new scheduling system at the VA Central Ohio Healthcare System in Columbus, Ohio. Cerner migrated the information of some 60,000 veterans in preparation. The full EHR at the Mann-Grandstaff VA Medical Center in Spokane, Washington, originally scheduled for March, will go live this fall. Healthcare Dive

While telehealth virtual office visits flatten, overall up 300-fold; FCC finalizes COVID-19 telehealth funding program (US)

As expected, the trend of telehealth visits versus in-person is flattening as primary care offices and urgent care clinics reopen. Yet the overall trend is up through May–a dizzying 300-fold, as tracked by the new Epic Health Research Network (EHRN–yes, that Epic). Their analysis compares 15 March-8 May 2020 to the same dates in 2019 using data from 22 health systems in 17 states which cover seven million patients. It also constructs a visit diagnosis profile comparison, which leads with hypertension, hyperlipidemia, pain, and diabetes–with the 2020 addition of — unsurprisingly — anxiety.

POLITICO Future Pulse analyzed EHRN data into July (which was not located in a cross-check by this Editor) and came up with its usual ‘the cup has a hole in it’ observation: “TELEHEALTH BOOM BUST”. But that is absolutely in line with the Commonwealth Fund/Phreesia/Harvard study which as we noted tailed off as a percentage of total visits by 46 percent [TTA 1 July]. But even POLITICO’s gloomy headline can’t conceal that telehealth in the 37 healthcare systems surveyed was a flatline up to March and leveled off to slightly below the 2 million visit peak around 15 April. 

Where POLITICO’s gloom ‘n’ doom is useful is in the caution of why telehealth has fallen off, other than the obvious of offices reopening. There’s the post-mortem experience of smaller practices which paints an unflattering picture of unreadiness, rocky starts, and unaffordability:

  • Skype and FaceTime are not permanent solutions, as they are not HIPAA-compliant
  • New telehealth software can cost money. However, this Editor also knows from her business experience that population health software often has a HIPAA-compliant telehealth module which is relatively simple to use and is usually free.
  • It’s the training that costs, more in time than money. If the practice is in a value-based care model, that is done by market staff either from the management services organization (MSO) or the software provider.
  • Reimbursement. Even with CMS loosening requirements and coding, it moved so quickly that providers haven’t been reimbursed properly.
  • Equipment and broadband access. Patients, especially older patients, don’t all have smartphones or tablets. Not everyone has Wi-Fi or enough data–or that patient lives in a 2-bar area. Some practices aren’t on EHRs either.
  • Without RPM, accurate device integration, and an integrated tracking platform, F2F telehealth can only be a virtual visit without monitoring data.

Perhaps not wanting to paint a totally doomy picture (advertising sponsorship, perhaps?), the interview with Ed Lee, the head of Kaiser Permanente’s telehealth program, confirmed that the past few months were extraordinary for them, even with a decent telehealth base. “We were seeing somewhere around 18 percent of telehealth [visits] pre-covid. Around the height of it, we’re seeing 80 percent.” They also have pilots in place to put technology in the homes of those who need it, and realize its limitations.

Speaking of limitations, the Federal Communications Commission (FCC) COVID-19 Telehealth Program, authorized by the CARES Act, is over and out. The final tranche consisted of 25 applications for the remaining $10.73 million, with a final total of 539 funding applications up to the authorized $200 million. Applicants came from 47 states, Washington, DC, and Guam. FCC release. To no one’s surprise, 40 Congresscritters want to extend it as a ‘bold step’ but are first demanding that Chair Ajit Pai do handsprings and provide all sorts of information on the reimbursement program which does not provide upfront money but reimburses eligible expenditures. That will take a few months. You’d think they’d read a few things on the FCC website first. mHealth Intelligence

News Roundup (updated): Proteus files Ch. 11, VA’s EHR tests now fall–maybe, making US telehealth expansion permanent, Rennova’s rural telehealth bet, Oysta’s Lite, Fitbit’s Ready to Work jumps on the screening bandwagon

Proteus Health, the company which pioneered what was initially derided as a ‘tattletale pill’, filed Chapter 11 bankruptcy today (16 June). As early as December, their layoffs of nearly 300 and closure of several sites were a strong clue that, as we put it, Proteus would be no-teous without a big win. Exactly the opposite happened with the unexpected early end of their Otsuka partnership with Abilify [TTA 17 Jan]. Proteus had raised about $500 million in venture capital from Novartis plus technology investors and family offices. Their combination of a pill with an ingestible sensor, a patch that detects ingestion and that sends information to a smartphone app was ingenious, but as a business model was meant for high-cost medications. Proteus’ current partnerships include TennCare (TN Medicaid), plus Xealth and Froedtert to integrate medication information into electronic health records. At one point, Proteus was valued at $1.5 bn by Forbes, making it one of the early healthcare unicorns. CNBC, FierceHealthcare

VA further delayed in implementing Cerner-Leidos EHR. POLITICO’s Morning eHealth earlier this month reported from congressional sources that further testing would be delayed to the fall at the earliest and possibly 2021. The project to replace VistA stands at $16 bn. Contributing to delay was an April COVID outbreak in Spokane at a veterans’ home, which pushed patients into the VA medical center. 

In further DC news, several senators are advocating that the relaxing of restrictions on telehealth during COVID should largely be made permanent. According to the lead senator, Brian Schatz (D-HI), Medicare beneficiaries using telehealth services increased 11,718% in 45 days. Many telehealth requirements were waived, including geographic, coding of audio-video and telephonic telehealth billing, and HIPAA platform requirements. Other senators are introducing bills to support remote patient monitoring programs in community health centers’ rural health clinics. FierceHealthcare

The climate for telehealth has improved to the point where smaller players with side bets are now betting with bigger chips. Rennova Health, a mid-South healthcare provider with a side in software, is merging its software and genetic testing interpretation divisions, Health Technology Solutions, Inc. (HTS) and Advanced Molecular Services Group, Inc., (AMSG) with TPT Global Tech. The combined company will be called InnovaQor after an existing subsidiary of TPT and plans to create a next-generation telehealth platform targeted to rural health systems. Release, Becker’s Hospital Review

Oysta Technology has launched the Oysta Lite with an SOS button, GPS, safety zone mapping for travel, and two-way voice. The SOS connects to their IntelliCare platform which provides status monitoring, reporting, and device management plus connecting to the telecare service provider. They are specifically targeting post-lockdown monitoring of frail elderly.  Press flyer/release.

Fitbit jumps on the crowded COVID workplace screening bandwagon with Ready to Work, an employer-sponsored program that uses individual data collected via the Fitbit device such as resting heart rate, heart rate variability and breathing rate. Combined with self-reported symptoms, temperature, and potential exposure, the Daily Check-In app then provides guidance on whether the employee should go to work or remain at home. According to the Fitbit release, a higher heart rate–as little as two beats a minute–can be indicative of an immune system response before the onset of symptoms. TTA has earlier reported [19 May] on other COVID workplace screeners such as UHC/Microsoft’s ProtectWell app, Appian, and (in-house) PWC. FierceHealthcare also lists several others on the cart: Castlight Health, Collective Health, Carbon Health, VitalTech, and Zebra Technologies. However, at this stage, few employees are leaving remote work for in office, and fewer still may even return to the office.

Allscripts’ $145 million settlement with DOJ on Practice Fusion’s ‘kickbacks’ on opioid prescribing, other charges

The US Department of Justice announced on 27 February that it reached a $145 million settlement with Practice Fusion on what DOJ termed “kickbacks from a major opioid company in exchange for utilizing its EHR software to influence physician prescribing of opioid pain medications”. Allscripts, which now owns Practice Fusion, will be paying out penalties of $25.4 million in criminal fines, $113.4 million to the Federal Government, and up to $5.2 million to individual states, as well as forfeiting criminal proceeds of nearly $1 million from the ‘kickback’. The specific charges relate to two felony charges related to the Anti-Kickback Statute (AKS) and for conspiring with its opioid company client to violate the AKS.

The opioid company is widely believed to be Purdue Pharmaceutical, manufacturers of Oxycontin, according to HISTalk. The high dudgeon generated in the DOJ press release is related to opioid prescriptions and physician usage which are and remain highly controversial. Apparently, Purdue wasn’t the only pharma company that benefited from this type of influence.

In this Editor’s analysis, ‘kickbacks’ is a legalism to prosecute under the AKS what marketers would term a sponsorship deal. Practice Fusion was from inception advertiser supported. What is different here from pop-up screen adverts is that Practice Fusion created sponsorship packages in which not only advertising was featured, but also clinical decision support (CDS) alerts were created, aimed at increasing prescription sales of companies’ products. In addition, Practice Fusion allowed companies to participate in the design of the CDS software. These sponsorships took place between 2014 and 2019. None of this is unusual in AdLand in general, but in pharma and healthcare which play by far stricter rules about marketing programs, this goes against the expectation (and regulation) that an EHR is unbiased.

Allscripts had ‘leaked’ this back in August on their Q2 investor call. Buried in the DOJ release after the opioid ire is the settlement of Practice Fusion’s violations of Office of the National Coordinator for Health Information Technology (ONC) regulations concerning the voluntary health IT certification program, and the Centers for Medicare & Medicaid Services (CMS) regulations around EHR incentive programs, presumably Meaningful Use certifications and payments. This was the origin of the earlier announcement of a $145 million settlement on Allscripts’ Q2 2019 investor call, which in retrospect strikes this Editor as a nice try at minimizing far more serious charges. [TTA 14 August] CDS favoring opioid prescription is far more disturbing.  

It does seem that Allscripts bought itself a bargain basement of trouble with Practice Fusion. Mobihealthnews, TechCrunch

News roundup: Proteus dissolves with Otsuka, EHRs add 16 min. per patient, DrChrono mobile EHR raises $20M, CareBridge LTSS launches, ‘flyover healthtech’ soars

The much-touted partnership of Proteus Digital Health with Otsuka Pharmaceutical of Japan for a digital version of Abilify has ended prematurely. Abilify MyCite was the first drug cleared by FDA with a digital tracking system in November 2017 [TTA 14 Nov 17]. Otsuka was also going to fund Proteus for further development of drug tracking.

In the payout for the Proteus license, Otsuka has the right to use Proteus’ technology for its own mental illness drug research. Proteus will abandon its research in mental illness and cardiovascular conditions and concentrate on digital meds in cancer and infectious disease. Before the holidays, we saw reports that ‘Proteus may be no-teous‘ and that layoffs and office closures were in the works. STAT reports that the Proteus-Otsuka breakup is one of several recently: Sandoz and Pear Therapeutics, Sanofi and Alphabet’s Onduo.

Where does a doctor’s time go? EHR use, for one. A study of 155,000 ambulatory medical subspecialists and primary care physicians in 2018 clocked EHR use per encounter at over 16 minutes on average, with chart review, documentation, and ordering functions accounting for most of the time (33, 24, and 17 percent, respectively). Percentages changed by subspecialty. PhysiciansWeekly, ACP Annals of Internal Medicine (abstract only)

Speaking of EHRs, DrChrono, one of the first mobile-friendly EHRs/practice management/revenue cycle platforms, raised $20 million in a Series B led by ORIX Growth Capital. Its total funding in nine years tops $48 million. Crunchbase, Mobihealthnews

Long term care (LTC) has been ‘about to be hot’ for at least 10 years. Where the real money may be made is in the ‘back end’. This week, a new long-term support services (LTSS) firm, CareBridge launched out of Nashville, backed with $40 million in fresh funding with a BOD helmed by a former US senator and physician, Bill Frist. Created in part through the acquisition of two other companies, HealthStar and Sinq Technologies, it will concentrate on electronic visit verification by caregivers for in-home service delivery, provide real-time sharing of clinical information, support members with enhanced tablet-based telehealth services, and is building a predictive model for service support. BusinessWire

Flyover tech soars, indeed. We note that CareBridge is in Nashville, which snobs on both coasts demeaningly call ‘flyover country’. Well, there’s gold in Middle America’s hills when it comes to health tech, with some of the choicest high flyers at this week’s JP Morgan Healthcare Conference from places like Nashville, Minneapolis, Ann Arbor, Denver, and Iowa. Utah alone has enough tech to earn it the nickname ‘Silicon Slopes’. Utah’s highlighted company is one this Editor found back in 2013, Owlet–still (baby) socking it to them, cutely. Others, unfortunately, are wince-worthy–the prize goes to the Ōmcare med dispenser, which makes darn sure via two Wi-Fi-enabled interactive cameras that those pills are not only being taken, but also being swallowed. Really. Observer

Does healthcare need a new EHR system? A major health system thinks so. (Updated)

An interesting pairing to work on a ‘next generation EHR’. EHR and HIT giant Allscripts and Northwell Health, the largest health system in New York State, are partnering to develop an EHR that is AI and cloud-based and–what’s different–voice-enabled. Allscripts will, according to the release, provide development and systems integration expertise; Northwell will provide the clinician input, testbed, and also support the project with IT and administrative staff. The goal is an optimized patient and clinician experience, which is about as specific as the release gets. According to POLITICO’s Morning eHealth, the foundation for the system will be Avenel, the company’s stripped-down, cloud-based EHR platform. There’s no further information on timing, cost, what the AI might do, or whether the focus will be on acute care or outpatient/specialty practices.

Allscripts and Northwell will continue with their Allscripts EHRs in use since 2009, Allscripts Sunrise at the 19 Northwell hospitals and Allscripts Touchworks EHR used at Northwell’s 750 owned and operated outpatient practices in the metro New York area. Additional articles at Northwell’s newsroom.

Update 16 Oct: Northwell announced that it was extending its contract with Allscripts through December 2027. Read on in HISTalk for a tart take on the odds that the next-gen EHR will actually be a viable, competitive new product.

Allscripts reaches deal with DOJ on Practice Fusion in compliance settlement for $145 million

EHR giant Allscripts settled with the US Department of Justice on compliance charges made against Practice Fusion. Allscripts acquired Practice Fusion, a free/low-cost EHR targeted to primary care practices, in January 2018. A year earlier, Practice Fusion had received an inquiry from the US Attorney’s Office for the District of Vermont examining the company’s compliance with the EHR certification program. According to Fierce Healthcare, after Allscripts acquired Practice Fusion, the inquiry expanded…and expanded…to include additional certification and Anti-Kickback statute charges. Since then, Allscripts has rebranded the EHR as Veradigm.

The announcement was made during their 2019 Q2 results investor call. Their president claimed the $145 million settlement, at this point an agreement in principle with DOJ, is in line with other EHR-DOJ settlements. 

Consider it a final payment on the knockdown price ($100 million) Allscripts paid for Practice Fusion.

Their Q2 bookings were $276 million, up 31% from the prior-year period, but revenue at $445 million was lower than expectations. 

Malaysia to spend over $360M for EHRs over the next five years

Obviously no burnout fear here! The Malaysian Health Minister Datuk Seri Dr Dzulkefly Ahmad announced in Parliament in Kuala Lumpur that the government will spend RM1.5 billion ($362.3M or £287.7M) on implementing EHR systems in all government hospitals and clinics over the next five years. The open tender will be announced this year and may be awarded to more than one system in different phases.

Malaysia currently has some information systems at work in its health systems. According to the article in The Edge Markets, out of 145 government hospitals, 35, or 25 percent, have Hospital Information Systems (HIS) such as Cerner, iSoft, Fisicien, Profdoc, and Patient Management System. 7 percent, or 118 out of 1,703 government clinics, have  Clinical Information Systems (CIS) such as Teleprimary Care (TPC), Oral Health Care Information System (OHCIS), and TPC-OHCIS. The Health Ministry is also evaluating proposals from 60 companies prior to opening the tender. The wide-open-spaces where global EHRs could conquer are growing fewer and fewer.

News roundup: FCC RPM/telehealth push, NHS EHR coding breach, unstructured data in geriatric diagnosis, Cerner-Lumeris, NHS funds social care, hospital RFID uses

FCC backs post-discharge RPM plan. The “Connected Care Pilot Program” proposed by FCC commissioner Brendan Carr would provide $100 million for subsidies to hospitals or wireless providers running post-discharge remote monitoring programs for low-income and rural Americans such as those run by the University of Mississippi Medical Center. The goal is to lower readmissions and improve patient outcomes. The proposal still needs to be formalized so it would be 2019 at earliest. POLITICO Morning eHealth, Clarion-Ledger, Mobihealthnews

NHS Digital’s 150,000 patient data breach originated in a coding error in the SystmOne EHR used by GPs. Through the error by TPP, SystmOne did not recognize the “type 2 opt-out” for use of individual data in clinical research and planning purposes. This affected records after 31 March 2015. This breach also affects vendors which received the data, albeit unknowingly, but the duration of the breach makes it hard to put the genie back in the bottle, which NHS Digital would like to do. Inforisktoday, NHS Digital release

Unstructured data in EHRs more valuable than structured data in older adult patient health. A new study in the Journal of the American Geriatrics Society compared the number of geriatric syndrome cases identified using structured claims and structured and unstructured EHR data, finding that the unstructured data was needed to properly identify geriatric syndrome. Over 18,000 patients’ unstructured EHR notes were analyzed using a natural language processing (NLP) algorithm.

Cerner buying a share in population health/value-based care management company Lumeris through purchasing $266 million in stock in Lumeris parent Essence Group Holdings. The angle is data crunching to improve outcomes for patients in Medicare Advantage and other value-based plans. Lumeris also operates Essence Healthcare, a Medicare Advantage plan with 65,000 beneficiaries in Missouri. Fierce Healthcare

NHS Digital awarding £240,000 for investigating social care transformation through technology. The Social Care Digital Innovation Programme in 12 councils will be managed by both NHS and the Local Government Association (LGA). Projects to be funded span from assistive technologies to predictive analytics. Six winners from the original group of 12 after three months will be awarded up to a further £80,000 each to design and implement their solutions. New Statesman

Curious about RFID in use in healthcare, other than in asset management, access, and log in? Contactless payments is one area. As this is the first of four articles, you’ll have to follow up in Healthcare IT News

Blockchains, EHRs, roadblocks and baby steps

TTA founder and former editor Steve Hards crawls out of his retirement tent to squint at the misty landscape of blockchain technology.

In a recent dream I was observing an auditorium full of people chanting “Blockchain! Blockchain! Blockchain!” and yes, mantra-like, blockchain is now popping up all the time in health technology articles and presentations.

It has taken a while to get to this stage. It was January 2016 when Editor-in-Chief Donna first mentioned blockchain. Since then there appears to have been more talk than action.

A year ago, in February 2017, health IT guru Brian Ahier was able to say in a comment here “Blockchain of course, is going to sneak up on a lot of people…”

Where we have seen developments occurring is in the trickle of ‘coins’ or ‘tokens’ in health-related Initial Coin Offerings (ICOs) of dubious investment worthiness. I may rant about those in a follow-up article if anyone is interested. (Let me know in a comment.)

The terminology is still in its ‘shakedown phase’ (see this great terminology rant) and, because of the publicity around Bitcoin, which is on a blockchain, the distinction between blockchains and distributed ledger databases is blurred. There are technical differences: blockchains are a sub-set of distributed ledgers (Wikipedia), which is the term I’ll generally use in this article.

Distributed ledgers and EHRs

What are the implications of distributed ledgers for the biggest databases in healthcare, electronic health records (EHRs)?

The two principal characteristics that differentiate distributed ledgers from the databases with which we are familiar are that they are more robust and, potentially, more private. Some even claim to be quantum computing hack proof although we will have to wait for hackers with quantum computers to test that.

Traditional databases are formed from one large or several linked entities that have a centralised control from where performance, data integrity and security are monitored and managed. There are human and technological factors that introduce weaknesses to all such systems, as the number of data breaches reported here over the years testify.

VA moves closer to doing Cerner EHR deal, real Choice for veterans (updated)

The Cerner EHR deal with the VA edges closer to closing. Another VA contractor, MITRE, reviewed the agreement and recommended 50 changes that, according to POLITICO Morning eHealth’s source, address many of the interoperability-related usability features “that irritate EHR users” such as reconciling data coming from outside sources (Home Telehealth, perhaps?–Ed.). VA officially updated the status with Congressional Veterans Affairs staff on Tuesday. The deal could be inked as early as next week, but never bet on this when the Secretary seems doubtful of the agreement date. In any case, it will be a decade before VA is fully transitioned from VistA. Speaking of the Secretary, Dr. Shulkin’s crisis of last week seems to have passed with a White House vote of confidence. He can ‘cashier’ his critics and according to him, everyone’s on board with a clear direction. We’ll see. 

Updated. Well, it’s 2 March and still no word on closing the Cerner contract. Meanwhile, the VA ‘revolt’ continues, with either true or false reports of demands for Dr. Shulkin’s resignation. It’s exhausting, and meanwhile who pays? Staff and veterans. See POLITICO from 1 March here.

Modern Healthcare reported that important reforms in the VA Choice legislation are closer to reality with the Senate Veterans Affairs committee. They are proposing changes, supported by the White House, that would open up VA Choice eligibility to nearly all veterans by “making VA facilities responsible for meeting access standards set by the VA secretary. If a facility can’t, the patient can seek out a community provider if both patient and a VA provider or an authorized provider in the community working closely with VA deem that a better option than a VA facility.” This is a step beyond the earlier proposed access standards which would have given the VA Secretary discretion to relax restrictions to community care provision. Currently the VA Choice program is used by only 1 million veterans who have to prove that they are facing wait times of 30 days or more, or 40-mile travel time to a VA clinic. While the tone in the article is slightly disparaging, firm standards and opening the VA to limited market pressures to this Editor is a good thing–and getting effective care faster to veterans, many of whom live in exurban or rural areas, is beyond all considerations, absolutely necessary. How this affects veterans monitored by telehealth programs–and interoperability of their records–are open questions.

Google ‘deep learning’ model more accurately predicts in-hospital mortality, readmissions, length of stay in seven-year study

A Google/Stanford/University of California San Francisco/University of Chicago Medicine study has developed a better predictive model for in-hospital admissions using ‘deep learning’ a/k/a machine learning or AI. Using a single data structure and the FHIR standard (Fast Healthcare Interoperability Resources) for each patient’s EHR record, they used de-identified EHR derived data from over 216,000 patients hospitalized for over 24 hours from 2009 to 2016 at UCSF and UCM. Over 47bn data points were utilized.

The researchers then looked at four areas to develop predictive models for mortality, unplanned readmissions (quality of care), length of stay (resource utilization), and diagnoses (understanding of a patient’s problems). The models outperformed traditional predictive models in all cases and because they used a single data structure, are projected to be highly scalable. For instance, the accuracy of the model for mortality was achieved 24-48 hours earlier (page 11). The second part of the study concerned a neural-network attribution system where clinicians can gain transparency into the predictions. Available through Cornell University Library. Abstract, PDF.

The MarketWatch article rhapsodizes about these models and neural networks’ potential for cutting healthcare costs but also illustrates the drawbacks of large-scale machine learning and AI: what’s in the EHR including those troublesome clinical notes (the study used three additional deep neural networks to discern which bits of the clinical data within the notes were relevant), lack of uniformity in the data sets, and most patient data not being static (e.g. temperature). 

And Google will make the chips which will get you there. Google’s Tensor Processing Units (TPUs), developed for its own services like Google Assistant and Translate, as well as powering identification systems for driverless cars, can now be accessed through their own cloud computing services. Kind of like Amazon Web Services, but even more powerful. New York Times

EHR action: Allscripts acquires Practice Fusion, expands footprint in small/ambulatory practices

A significant EHR acquisition kicks off an action-packed week. Announced today by leading EHR Allscripts is their acquisition for $100 million of independent practice EHR Practice Fusion. Allscripts, which has usually been in the top five US EHRs (Kalorama April 2017 survey), vastly expanded its hospital market share with August’s acquisition of #2 McKesson’s health IT business and with this would be ranked just behind EHR leader Cerner. In acute care settings, Epic and Cerner dominate with 25 percent of the market each with Allscripts/McKesson far behind #3 Meditech (KLAS April 2017).

Practice Fusion, one of the pioneers in the small practice/ambulatory EHR starting with a basic free, ad-paid model in 2005, has 30,000 ambulatory sites serving about 5 million patients each month. In the Allscripts view, they will now be able to offer “last mile” reach to the under-served clinicians in small and individual practices and close gaps in care. Allscripts President Rick Poulton noted in the statement that “We believe this transaction will directly benefit Practice Fusion clients, who will now have access to Allscripts solutions and services. We look forward to welcoming Practice Fusion team members to our family.” which leads one to believe that the Practice Fusion name will be sunsetted. Allscripts release and Healthcare IT News

From being the leader in small practice EHRs, Practice Fusion found the last few years difficult as competition expanded into their segment, from eClinical Works, drchrono, athenahealth, and NextGen to small practice packages from Epic and Cerner.

It should be noted that Practice Fusion in 12 years went through 13 funding rounds, raising almost $158 million from a long list of VC luminaries such as Kleiner Perkins, Artis Ventures, Founders Fund, and Qualcomm Ventures (Crunchbase). However, it disappointed its investors and Wall Street, which two years ago expected a $1.5 billion IPO. The $100 million from Allscripts is all cash and the price is “subject to adjustment for working capital and net debt”–an exit which was surely not the sugarplum in the eyes of its 2014 and prior investors. CNBC

Now EHR data entry 50% of primary care doctors’ workday: AMA, University of WI report

Where’s the doctor? Typing away! A fact of life doctors have agonized over for the past ten years–even great advocates like Robert Wachter, MD above at NYeC last year–is the clerical burden of EHRs and patient data entry. A late 2016 time and motion study in the ACP Annals of Internal Medicine (AMA, Dartmouth-Hitchcock, Australian Institute of Health Innovation) noted a mere 49.2 percent of ambulatory physicians’ time spent on EHR and desk work. Mayo Clinic (above) has been tracking both the burnout and the burden as 50 percent (above).

Now we have a new three-year study published in the Annals of Family Medicine led by the University of Wisconsin Medical School tracking EHR data entry as 52 percent: 5.9 hours of an 11.4 hour workday. This includes allied clerical and administrative tasks including documentation, order entry, billing and coding, and system security accounting for 2.6 hours, close to 50 percent of the 5.9 hours daily.

Is there a way out? The study’s recommendations were:

  • Proactive planned care
  • Team-based care that includes expanded rooming protocols, standing orders and panel management
  • Sharing of clerical tasks including documentation, order entry and prescription management
  • Verbal communication and shared inbox work
  • Improved team function.

Much of this sounds like burden shifting to deal with the EHR, not a redesign of the EHR itself, but the commentary in AMA Wire makes it clear that it was shifted in the first place by the EHR designers from other staff to the doctor for direct entry. Other time savings could be realized through measures ranging from single sign-on (versus dual entry passwords) to advanced voice-recognition software. (UW release)

The earlier ACP study excerpt in NEJM Journal Watch has physician comments below the article and they blast away: (more…)